Pre-Requisists:

  • Powershell + Microsoft Sign-in Assistant 
  • Administrative Rights to the Office 365 Tenancy in Question. 
  • Office 365 DirectorySyncronisationEnabled = "False" 


When removing a Domain from Office 365, Microsoft will recommend that you use the following command to reveal those who conflict upon domain removal. 


"Get-msoluser -DomainName "[Domain]"


This command can be useful however with this method will in fact only show "Msol User Objects". Attributes that associate to the domain are also found on MsolGroups, Msolcontacts + Exchange Objects. 

The Attached Script has the ability to loop through all object types while removing all attributes that would associate to the domain that is specified. 


But Before we attempt to change any attributes, Directory Synchronisation must be "Disabled" in order for us to make changes. Trying to change an attribute on an object that is using DirSync  will result in the following Error:

To Disable Directory Synchronisation,please run the following command with administrative privileges. 


Set-MsolDirSyncEnabled -EnableDirSync $false


This action can take a while to take effect. We recommend waiting 30 minutes - 1 hour for all Objects to convert to "In-cloud" on Microsoft's Servers. 

Once you can confirm objects are now "In-Cloud" within the Portal, Please continue to the step-by-step guide. 


Below is a step-by-step guide:


    1. Open a Powershell Window as an 'administrator"


    2. Set ExecutionPolicy to 'Unrestricted' : (Command Below if Required)

        Command: "Set-ExecutionPolicy -ExecutionPolicy Unrestricted"


    3. Download the Attached Script, Save it locally and then run via your PowerShell Window. 


    4. You will be asked to Authenticate to Office 365. This will then import all necessary modules and connect you too Exchange Online. 


    5. Prompt for Selected Domain 


    6. Once connected you will be given a list of Objects who associate to the domain specified in the step above. 

'

    7.Once the List of Objects has been closed the process will begin. 


    8. For each Object type, we will run the following: (This step is to ensure every object with ONLY an address associating to "[Selected Domain]" as handled correctly.)  

  • If the Microsoft address is present as a UserPrincipalName we will Change the Primary Address too this. 
  • If the Microsoft Address is NOT present as a UserPrinicipalName we will add the Onmicrosoftaddress then change it too that. 

    9. Once step 8 has been handled we will then attempt to remove the proxy addresses that associated to "[Selected Domain]"


    10. Script will Prompt at completion. This is when all processes have been handled correctly. 

         You may run the script again to see if any users exist within the domain if you wish. 


    11. You should now be able to perform your Office 365 Domain Removal 


Please Contact "Support.iamcloud.com" of you have any problems. 


COPYRIGHT NOTICE

COPYRIGHT 20173 IAM Cloud

All rights reserved.  No part of this document may be reproduced in any form, including photocopying or transmission electronically to any computer, without prior written consent of IAM Cloud.  The information contained in this document is confidential and proprietary to IAM Cloud and may not be used or disclosed except as expressly authorised in writing by IAM Cloud.